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- Extensions of time maybe available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
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DETAILED ACTION 

1. A request for continued examination under 37 CFR 1.114, including the 
fee set forth in 37 CFR 1.17(e), was filed in this application after final 
rejection. Since this application is eligible for continued examination 
under 37 CFR 1.114, and the fee set forth in 37 CFR 1. 17(e) has been 
timely paid, the finality of the previous Office action has been withdrawn 
pursuant to 37 CFR 1.114. Applicant's submission filed on 02/02/201 1 
has been entered. Claims 6 and 29 are canceled. Claims 1-5, 7-28 and 
30-33 are pending of which claims 1,12 and 23 are independent. 
Examiner Note: In the examiner's answer set forth previously most of the 
independent claims were allowed. However update search revealed that a 
new ground of rejection is necessary. Applicant's representative is 
advised to review this new reference/s. 

Response to Arguments 

2. Applicant's arguments with respect to claims 1-5, 7-28 and 30-33 have 
been considered but are moot in view of the new ground(s) of rejection. 



Claim Rejections - 35 USC§ 103 



3. 



The following is a quotation of 35 U.S.C. 103(a) which forms the 
basis for all obviousness rejections set forth in this Office action: 
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(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the 
prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary 
skill in the art to which said subject matter pertains. Patentability shall 
not be negatived by the manner in which the invention was made. 

4. Claims 1-5. 7-28 and 30-33 _ are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Talpade et al (hereinafter referred as 
Talpade)(U.S. Publication No. 2004/0148520) (filed on January 
29, 2003) in view of Maguire et al (hereinafter referred as Maguire) (US 
Publication No. 2003/0208606 Al filed on May 4, 2002) 

5. As per independent claims 1. 12 and 23 T alpade discloses a method 
for responding to network intrusions, comprising: [Abstract] ( 

• a) receiving an intrusion detection system (IDS) alert from an 
IDS sensor [Figure 2, ref. Num "234" and "236"/ sensor] located in a 
network of computing resources [figure 2, ref. Num "204", customer 
network] wherein said IDS alert indicates an unauthorized intrusion 
upon a remotely located computing resource in said network of 
computing resources; [Abstract] (As explained on the abstract, A 
sensor shown on figure 2, ref. Num "214" and "236" examines the traffic 
entering the remotely located customer network shown on figure 2, ref. 
Num "204" and "206" for attack traffic. When an attack is detected, the 
sensor notifies an analysis engine within the ISP network to mitigate the 
attack. Therefore the analysis engine as shown on figure 2, ref. Num 
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"232" which is also located remotely with respect to the customer 
computing resource network shown on figure 2, ref. Num "204" and 
"206" is notified the IDS alert indicating an unauthorized 
intrusion/ attacks) 

•b) identifying said IDS alert;[See paragraph 0023] (The analysis 
engine shown on figure 2, ref. Num "232" identifies the DDoS 
attacks /intrusion when receiving a DDoS notification/intrusion 
notification from the sensor located remotely as shown on figure 2, ref. 
Num "234" and "236" ) and 

• c) determining an appropriate response to said IDS alert [For 
example see Abstract, "the analysis engine as appropriate response to 
said IDS alert/ notification for instance, configures a filter router to 
advertise new routing information"] that is identified at a location 
separate from said remotely located computing resource [figure 2 
and Abstract] (The computing resources are located in side the customer 
network shown on figure 2, ref. Num "204" and "206", however the Ids 
alert is identified first at the sensor located at the sensor shown on figure 
2, ref. Num "234" and "236" which is separate from said remotely located 
computing resource located inside the customer network shown on figure 
2, ref. Num "204" and "206". Furthermore, the Ids alert is also identified at 
the analysis engine shown on figure 2, ref. Num "232" which is also 
separate from said remotely located computing resource located inside the 
customer network shown on figure 2, ref. Num "204" and "206"] so that 
said determining said appropriate response is unaffected by said 
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unauthorized intrusion (As explained on the abstract, A sensor shown 
on figure 2, ref. Num. "214" and "236" examines the traffic entering the 
remotely located customer network shown on figure 2, ref. Num "204" and 
"206" for attack traffic. When an attack is detected, the sensor notifies an 
analysis engine within the ISP network to mitigate the attack. Therefore 
the analysis engine as shown on figure 2, ref. Num "232" which is also 
located remotely with respect to the customer computing resource network 
shown on figure 2, ref. Num "204" and "206" is notified the IDS alert 
indicating an unauthorized intrusion/ attacks and an appropriate response 
to said unauthorized intrusion is taken by the analysis engine such as 
configuring a filter router or diverting the traffic. Therefore such appropriate 
response is unaffected by said unauthorized intrusion.) ; and 

• d) automatically implementing said appropriate response to 
mitigate damage to said network of computing resources from said 
unauthorized intrusion by isolating said remotely located computing 
resource, [paragraph 0024-0027 and abstract] (See for instance on 
paragraph 0024, "automatically mitigates the attack by configuring one or 
more filter routers. Furthermore As it is explicitly disclosed on the abstract, 
When an attack is detected, the sensor notifies an analysis engine within 
the ISP network to mitigate the attack. The analysis engine configures a 
filter router to advertise new routing information to the border and edge 
routers of the ISP network. The new routing information diverts/ reroute all 
traffic (attack traffic/ intrusion and non-attack traffic) destined for the 
customer network to the filter router. Therefore by doing so, the remotely 
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located computing resource/ customer network is isolated from receiving 
any traffic what so ever, until the filter router, filters and remove the attack 
traffic. It is only after the attack traffic/ intrusion is filtered at the filter 
router that the non-attack traffic is passed back onto the ISP network for 
routing towards the customer network. Therefore it is undoubtedly clear 
that the computing resource is isolated from unauthorized intrusion/ attack 
traffic, so that the appropriate response to mitigate the damage to the said 
network of computing resources is automatically implemented. ") 

Talpade, does not expressly disclose the following limitation: 
"wherein said implementing said appropriate response comprises 
interfacing with a power controller that controls power to said computing 
resource to shut power to said computing resource" recited in claim 1 
and "wherein said implementing said appropriate response comprises 
interfacing with at least one switch, an associated switch, in said 
network of computing resources to virtually reconfigure said associated 
switch in order to virtually isolate said computing resource from 
remaining computing resources in said network of computing resources" 
recited in claim 23. 

However, in the same field of endeavor Maguire on paragraph 0027, 
0031, 0032 and 0039 discloses the above limitations. 

It would have been obvious to one having ordinary skill in the art, at the 
time the invention was made, to implement in the system of Talpade, a 
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mechanism to use the features such as "implementing said appropriate 
response comprises interfacing with a power controller that controls 
power to said computing resource to shut power to said computing 
resource" and "wherein said implementing said appropriate response 
comprises interfacing with at least one switch, an associated switch, in 
said network of computing resources to virtually reconfigure said 
associated switch in order to virtually isolate said computing resource 
from remaining computing resources in said network of computing 
resources" as taught in Maguire because this would enhance and 
strengthen the security of the system by isolating the computing 
resources form the IDS attack. [See Maguire; Paragraph 0027,0031,0032 
and 0039] 



6. As per claims 2, 13 and 24 the combination of Talpade and Maguire 
discloses a method for responding to network intrusions as applied 
to claims above. Furthermore Talpade discloses the method 
wherein, wherein a) further comprises: al) detecting a suspicious 
intrusion into said computing resource; [Abstract and figure 2 and 
particularly, figure 2, ref. Num "234"/ sensor,] (The computing resources 
are inside the customer network shown on figure 2, ref. Num "204" and 
"206") 



a2) determining said suspicious intrusion is unauthorized; 

[Paragraph 0017] (Sensor detects an attack) a3) generating said IDS 

alert; [See, Abstract, notification generated by the sensor] and a4) 
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sending said IDS alert to an IDS manager that is located remotely 
from said computing resource within said network of computing 
resources. [Paragraph 0024, "the IDS alert/ notification is sent to the 
Analysis engine and consequently to the ISP policy manager. Therefore 
ISP manager located remotely is notified and this meets the limitation of 
sending said IDS alert to an IDS manager that is located remotely from 
said computing resource within said network of computing resources.] 

7. As per claims 3. 14 and 25 the combination of Talpade and Maguire 
discloses a method for responding to network intrusions as applied 
to claims above. Furthermore Talpade discloses the method, 
wherein a2) further comprises: determining said suspicious 
intrusion is unauthorized when said suspicious intrusion matches 
with at least one of a list of unauthorized intrusions. [Figure 2, ref. 
248 "filter sensors in side the sensors shown on figure 2, ref. Num "234" 
and "236", filtering inherently contains matching] 

8. As per claims 4-5, 15-16 and 26-27 the combination of Talpade and 
Maguire discloses a method for responding to network intrusions as 
applied to claims above. Furthermore Talpade discloses the method, 
wherein comprises: detecting said suspicious intrusion at a network- 
based intrusion detection system (NIDS) sensor located within said 
network of computing resources. [See sensor located within said 
network of computing resources shown on figure 2, ref. Num "234" and 
"236") 
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9. As per claims 7-10, 18-21 and 30-32 the combination of Talpade and 
Maeruire discloses a method for responding to network intrusions as 
applied to claims above. Furthermore Maguire discloses the method, 
wherein d) further comprises: dl) interfacing with at least one 
switch, an associated switch, in said network of computing 
resources to virtually reconfigure said associated switch in order to 
virtually isolate said computing resource from remaining computing 
resources in said network of computing resources. [See Maguire 
paragraph 0027, 0031-0032 and 0039] 



10. As per claims 11, 17 and 33 the combination of Talpade and Maguire 
discloses a method for responding to network intrusions as applied 
to claims above. Furthermore Talpade discloses the method wherein 
said network of computing resources comprises a provisional data 
center. [See paragraph 0007, SOHO, Small office customer/ home office 
customer which are located inside the Figure 2, ref. Num "204" and 
"206" inherently contains some kinds of data center.) 

11. As per claims 22 and 28 the combination of Talpade and Maguire 
discloses a method for responding to network intrusions as applied 
to claims above. Furthermore Maguire discloses the method, 
wherein automatically interfacing with said associated switch in 
said network of computing resources; and automatically interfacing 
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with said power controller. [[See Maguire paragraph 0027, 0031-0032 
and 0039] 

Conclusion 

12. The prior art made of record and not relied upon is considered pertinent 
to applicant's disclosure. 

a. US Patent No. 7,320,142, to Kasper et al discloses the system or 
method of shutting down the network when intrusion occurs. [See 
at least column 2, 3-4] 



Any inquiry concerning this communication or earlier communications 
from the examiner should be directed to Samson B Lemma whose 
telephone number is 571-272-3806. The examiner can normally be 
reached on Monday-Friday (8:00 am— 4: 30 pm). 

If attempts to reach the examiner by telephone are unsuccessful, 
the examiner's supervisor, BARRON JR GILBERTO can be reached 
on 571-272-3799. The fax phone number for the organization 
where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status 
information for published applications may be obtained from either 
Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more 
information about the PAIR system, see http://pair-direct.uspto.gov. 
Should you have questions on access to the Private PAIR system, contact 
the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 



/Samson B Lemma/ 
Examiner, Art Unit 2432 
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